Multiple Linux hosts (~24) are failing to authenticate using SSH keys through PAM with error "PAM-CM-1341: Failed to establish a communications channel to the remote host" while logon using the same public key works fine directly from a Linux host.
Release : 4.0.X / 4.1.X
Encoding the private key with Base64 then using it in the password field is required
Customer updated (using the command line) all of the sshkey target accounts that previously failed to authenticate posing the error PAM-CM-1341 on authentication. Post this update via the command line, all the target accounts authenticated successfully.
The command line parameters are as shown below (the way it appears in PowerShell using variables):
ArgumentList = @("-cp $LIBS $SSL_OPTION com.cloakware.cspm.server.ui.CommandLineInterface cspmHostName=$capam adminUserID=$username adminPassword=$password cmdName=updateTargetAccount TargetAccount.ID=$targetAccountID TargetServer.hostName=$targetHostName TargetApplication.name=$targetAppName TargetAccount.userName=$targetAccountName Attribute.passwordViewPolicyId=$AttributepasswordViewPolicyId TargetAccount.password=$targetAccountPassword Attribute.protocol=$Attributeprotocol ""Attribute.publicKey=$AttributepublicKey"" Attribute.passwordChangeMethod=$AttributepasswordChangeMethod Attribute.useOtherAccountToChangePassword=$AttributeuseOtherAccountToChangePassword TargetAccount.privileged=true TargetAccount.synchronize=$TargetAccountsynchronize Attribute.passphrase=$Attributepassphrase passwordIsBase64Encoded=$passwordIsBase64Encoded")
Key definitions:
$passwordIsBase64Encoded = "true"
$TargetAccountsynchronize = "true"
$targetAccountPassword = "Long string (no line feeds) from contents of Base64 Encoded Private Key PEM File"
$AttributepublicKey = "ssh-rsa " + "$PUBLIC_KEY_STRING" + " "
$AttributepasswordViewPolicyId = """"""
The two significant changes to the command line that the customer used were encoding the private key with Base64 then using it in the password field and changing the PVP to Default.
None.